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performance by reducing resources’ cost and consumption, with a commitment of 

action and efficiency to its citizens. The increased urban migration has led to many 
problems in cities, such as traffic congestion, waste management, noise pollution, energy 
consumption, air pollution, etc., as nowadays COVID-19 pandemic has seized the whole 
world. So, it is necessary to carry out its standard operating procedures (SOPs), including less 
human interaction. Thus, technology plays a vital role via Internet-of-Things (loT) based 
systems. In this paper, a lightweight security mechanism (LSM) is proposed to enrich the 
IoT based systems. Blockchain technology is integrated, and its completely decentralized 
peer-to-peer (P2P) technology enables the users’ authentication and authorizes legitimate 
procedures. The IoT based management system is developed to monitor some of the 
aforementioned problems and solve solid waste, air, and noise monitoring systems. The 
Ethereum blockchain is used to implement a smart contract based framework for the 
system’s security and access control. The evaluation of performance of the LSM 
demonstrates that it is an efficient and lightweight tool in terms of cost, resources, and 
computation and superior over related security studies. 
Keywords: Smart City, Internet-of-Things, Lightweight Security Mechanism, Blockchain, 
Smart Contract. 
1. INTRODUCTION 

According to the 2017 census, Pakistan’s urban population was 32% in 1998, which 

has increased to 40% and is predicted to reach 50% by 2025 [1]. With the rise of population, 
the burden on city administrations to provide essential services to all citizens has also 


, matt cities utilize digital technologies for the improvement of its services’ quality and 
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increased. Moreover, the COVID-19 pandemic has held onto the entire world. Thus, it is 
vital to complete its standard operating procedures (SOPs), which incorporate less human 
interaction utilizing technology for several purposes [2], [3]. There has been a significant 
development in the intelligence of digital devices, such as smart 

machines, smartphones, and smart sensors, leading to the high-quality pursuits of the 
Internet-of-Things (loT) to meet administrative requirements [4]. loT uses the internet to 
connect different devices in different areas to collect and analyze information without 
human-to-human interaction [5]. 

IoT works on mechanism of transferring the data from sensor to cloud through 
gateway to store data from where different integrated devices share their information to 
communicate ot to exchange data with each other. This working mechanism reduced the 
human interaction with computer as sensors automatically exchange their information with 
each other. Human have just to monitor the data on Graphical-User Interface (GUI) 
developed for different types of data. IoT includes three layers, the perception layer, the 
network layer and the application layer [6]. The perception layer includes a group of devices 
authorized for the Internet which are able to sense the objects, and for exchange of data 
with other devices by Internet communication systems. Radio Frequency Identification 
Devices (RFID), cameras, sensors, Global Positioning Systems (GPS) are examples of layer 
of perception of the devices. Information transmits from perception layer to application 
layer through the network layer. IoT systems use a combination of short-range systems of 
communication technologies such as Bluetooth and ZigBee to carry the data of the devices 
of the perception to a gateway near based on the functionality of the parties’ appellants. The 
technologies of the Internet such as Wi-Fi, 2G, 3G and 4G carty information on long 
distances based on the implementation [7]. 

IoT devices have to be built-in with various devices and units, enabling them to 
interact and engage seamlessly with each other in an impervious way to reduce human 
resources [8]. Thus, this large volume of data can also pose many problems as it is 
centralized and monitored from time to time by a single provider. The cloud is a processing 
and storage technology that cannot guard its consumers’ security and privacy [9]. The work 
was being started, and different techniques were proposed, but the integration of IoT with 
blockchain technology gained the limelight of researchers and developers [10], [11]. 
Blockchain made its space in the market due to its decentralized, distributed, and 
tamperproof ledger properties. Blockchain technology has proven to be sufficient for 
economic purposes like Bitcoin and can be of incredible value [12], [13]. Integrating it with 
the IoT based management system enables an extra layer of security and data integrity by 
authorizing only authentic users. It maintains transaction archives throughout countless 
nodes that are Peer-to-Peer (P2P) coupled, making it tamperproof [14], [15]. 

By smart contract, it allows more functionality to play with the loT and blockchain’s 
integration with each other. A blockchain based scheme by issuing tokens for user access to 
fog-enabled IoT devices using a smart contract is developed (J. K. Mudhar et al., 2020) [16]. 
The tokens are issued to the user by the admin in an off-chain procedure by which the 
question of the token’s confidentiality and integrity is raised. However, the feasibility of the 
system in a real environment is not tested likewise (J. Oh et al., 2021) [17]. In (A. Ouaddah, 
2019) [18], a Fair Access and PPDAC is introduced as a lightweight and privacy-preserving 
access control-based on blockchain, mainly the open access and public type. 


Dec 2021 | Vol 3| Special Issue Page | 2 


oven acces International Journal of Innovations in Science & Technology 

On the other hand, (P. Velmurugadass et al., 2021) [19] constructed a blockchain 
based architecture that is used for data integrity and privacy in the IaaS cloud. However, 
Proof-of-Work (PoW) is not suitable for loT systems as they are resource constraints. Apart 
from blockchain, (M. Masud et al., 2021) [20], a one-way cryptographic hash, bitwise XOR, 
and nounce (number used only once) are used to provide a lightweight and secure 
communication. In (G. Sharma et al., 2019) [21], (M. Wazid et al., 2019) [22], proposed a 
lightweight authentication scheme that proved to be as insecure against privileged insider 
attacks. 

Considering and overcoming the issues raised in the aforementioned studies, LSM, a 
lightweight security mechanism is proposed. LSM has a strong authentication with accurate 
verification and reduced the computational overhead. Its performance evaluation makes it a 
lightweight mechanism for security, resources, optimization, and time. The application 
chosen to demonstrate the LSM feasibility and potential in a real environment, IloT based 
smart city management system, is developed to monitor and provide a solution to solid 
waste, ait, and noise monitoring management systems. These smart applications aimed to 
lead automation to reduce human-to-human or human-to-computer interaction due to the 
COVID-19 pandemic. 

Waste management is a primary expenditure in many modern cities since both the 
cost for the service and the storage of waste in landfills are relatively high. In current 
scenario, collection and management of waste is quite difficult without the use of modern 
technology [23], [24]. To overcome these waste management problems, an IoT based system 
can be deployed to allow the terminals, namely “Smart Bins,” to monitor the available data 
to manage and call the garbage truck when necessary. IoT based system also offers statistics 
on ait quality in saturated areas, parks, and health tracks. In this way, humans can locate the 
healthiest route outdoors. This provision requires that the air pollution sensors be deployed 
in the metropolis and share the statistics freely with all authorized residents [25], [26]. 

The noise is also a form of pollution as the carbon dioxide (COz) in the air. In this 
case, the metropolis experts have already issued particular legal guidelines to decrease the 
quantity of noise in the metropolis [27], [28]. However, despite being written on boards 
(Quiet zone), people keep making noise in the hospital’s regions. loT based framework will 
observe noise levels for the authorities to take necessary actions. This service can improve 
the decorum of hospital areas and the silence at night. 

Benefiting from IoT characteristics and the distributed nature of blockchain, proposed 
LSM: a lightweight security mechanism for IoT based smart city management systems. The 
main contributions of this paper are given below: 

e A computationally efficient smart contract based lightweight security mechanism 

(LSM) for IoT based smart city management system is proposed. 

e LSM is secure against various attacks like a spoof, Sybil, and replay. 

e LSM only permits the registered and verified users to access the IoT data through 

the smart contract they authorized for IoT devices. 

Section I presents the introduction, literature review, objective and contributions. System 
architecture and testbed implementation for LSM is provided in section II. Section III 
evaluates the performance of the LSM in terms of security, time overhead, and benchmark 
studies. Further, the concluding remarks are offered in section IV. 
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2. MATERIAL AND METHODS 
LSM’s architecture is shown in Figure 1. The flowchart of the loT based smart city 
management is shown in Figure 2. The architecture of the developed system is consisting of 


two components whose functionalities are discussed below: 
Internet-of-Things 
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Figure 1. System Architecture of LSM 
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Figure 2. Flowchart of IloT based Smart City Management System 
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Hardware Components: Different sensors and modules are incorporated in this system 
architecture to represent IoT system. microphone, MO-6, and ultrasonic sensors are 

used for noise, ait, and garbage monitoring, respectively. Mini-fan is used as a vacuum for 
demonstration purposes. W7-F7, GSM, and GPS modules transmit IoT data, messages, and 
locations, respectively. All sensors and modules are interfaced with an Arduino-Uno board, 
which is an 8-bit microcontroller integrated circuit. 


Software Components: Arduino-Genuino software is used for code compilation and 
configuration of the modules. To store data on the cloud, the Thing Speak server is used. 
Ethereum is a popular platform that can process any complex algorithm code through 
Ethereum Virtual Machine (EVM). So, Ubuntu operating system (OS) is used in this system 
architecture for Ethereum blockchain development. Communication between Erhereum and 
cloud is done through a python script that includes the JSON-RPC protocol and the Web3py 
library’, which are lightweight and efficient for a resource constraint environment. An 
Ethereum node can call or deploy a smart contract using Go-Ezhereum (Geth) client. A smart 
contract is a bunch of rules or provisions of an agreement that executes on a blockchain to 
audit and authorize these concurred terms without the association of an outsider. So/dity, a 
high-level language, is used to write a smart contract. Remix IDE and Truffle suite are used to 
develop and deploy the smart contract. 


The IoT based smart city management system is implemented to demonstrate the 
potential to carry out the LSM as a Proof-of-Concept (PoC). The garbage monitoring system 
will update their data after every five minutes. The air monitoring system will update after 
every fifteen minutes, and the noise monitoring system will continuously update its data. loT 
devices are connected with the cloud to upload their data and communicate with each other. 
Users are connected to the blockchain. The advantage of this method is that users get IoT 
data only when they request it. Resource optimization is done via this technique. User 
authentication is done via a smart contract in the blockchain and brings confidentiality, 
integrity, authenticity, and various security attacks like a spoof, sybil, and replay. This study 
aims to get a lightweight security mechanism in IoT as they operate in a resource constraint 
environment. Table 1 shows the notations used in this paper. 

IoT based Garbage System 

In this system, w/trasonic sensor and GPS module are attached to the garbage bin 
through which data and location information is fetched. By using the distance formula “s = v 
x ¢”, theultrasonic sensor measures the bin status. Through the W7-F7 module on it, statistics 
are uploaded on the cloud, enabling the users to monitor it from anywhere. Whenever the 
garbage bin is full, the message is sent through the GSM module to authorities to take 
necessary actions. 
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Table 1. Table of Notations 


Notations Description 


Datadevice IoT sensor’s data 


EAywser Ethereum’s address 


EAreg. Registered users 
Hashreg. Registered hash 
ID device IoT sensor’s number 
Signyser User credentials 


‘https://web3py.readthedocs.io/en/stable 


Algorithm 1: Smart Contract 
Input: SIM cers TD rice 


Output: Daia,,,,, Data: 
HA,,, Hash. 


reg.> 
// Checking if the user is authorized to the system 
1 if EA,,,. -EA,, then 


2 return false 
// Checking if the user is authorized to the device 
3 else if Reccak256(Signcoy UD gerice) == Hash, then 
4 return true, Dafa juin 
5 else 
6 | return false 


JIoT based Air & Noise Monitoring System 

Different sensors such as MQ-6 and microphones are used to fetch the value of 
noise and air pollution from the surroundings in this system. In addition, GPS module is 
used to access the location. Through the W7-F7 module on it, statistics are uploaded on the 
cloud, enabling the users to monitor it from anywhere. A relay is used to interface the fan 
with the air sensor. Whenever a gas value passes a specific value, the signal is given to the 
relay, and the fan is operated. 
Blockchain Integration 

Ethereum blockchain and its nodes are developed using the Geth implementation on 
Ubuntu OS. The genesis file is created using puppeth to trigger the Ezbereum blockchain. 
Clique, Proof-of-Authority (PoA), consensus protocol is opted [29]. Keccak256 algorithm is used 
to create Erhereum addresses [30, 31, 32]. Elliptic Curve Digital Signature Algorithm 
(ECDSA) generates private and public keys. The smart contract is developed utilizing the 
Remix IDE platform. The functionality of the smart contract is presented in Algorithm 1. 
The Truffle suite is utilized for the deployment of the smart contract. Smart contract 
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transactions cannot be changed and are permanently stored in a transparent framework. The 
deployed code of the smart contract cannot be changed and is only triggered by the sender’s 
transaction message. 
a RESULT AND DISCUSSION 

The developed IoT based smart city management system is illustrated in Figure 3. 
The specifications of the devices on which the developed system is evaluated are shown in 
Table 2. The results are system-dependent. They can vary from system to system as their 
specifications change. The smart city application’s results are taken by deploying the IoT 
system in Lahore city"31.5204° N, 74.3587° E. 


Welcome To 
Smart City App 


Air & Noise Pollution Monitoring 


GAS = 205.00 ppm 


MIC = 85 db 
LAT = 31.5407715 LON = 74.3750381 


Garbage Monitoring 


VALUE = 100 % 


Bin is Full 


tp://maps.google.com/? 
q=loc:31.5407715,74.3750381 


Figure 3. loT based Smart City Management System 


Table 2 Specification of Devices 


Device Model Processing Speed 
Laptop HP-450-Notebook Intel Core 15, 3rd Gen. 
Internet Router PTCL DSL-G2452D 8 Mbps 
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(x) ubuntu@ubuntu-vbox: ~ 


User Sign: 0xcec646349d71e34c0c128eea6b88ddfade60431b 


User Sign: 0x89993e4cA642C55aAb17a4A202AA4378F70d67ad 

IoT Device: 1 

Garbage bin status: 20 

Transaction ID: 0x6b690865437a787568c6889966b677e88df 567865467 7a5679988b68998775 
90 


User Sign: 0x89993e4cA642C55aAb17a4A202AA4378F70d67ad 

IoT Device: 0 

Noise status: 32 

Transaction ID: 0x8754b45789e579954ac356899b56788655d4567764576897854a898c677de4 
66 


User Sign: 0x0337518b10d11ff8c475ab2508ea120e3d7f41e7 
IoT Device: 2 
False 


User Sign: Oxcec646349d71e34c0c128eea6b88ddfa0e60431b 
IoT Device: 1 
False 


Figure 4. User Authentication via LSM 


“Sensor || cloud | stk 


1 1 ! 1 
1 | 1 1 | 
1 Incoming data ; \ 
1 (Arduino-Genuino) | I 1 I 
a : Request for 

IoT dat 
i thenti 

ee — 1 If the User 
If the User ! (True) not authentic 
| 


is authorize 


If the User ! (False) 
forrequested | ' , 

| 

| 

| 


not authorize 


1 

loT data for requested ] 
1 

1 


et IoT data 


1 (False) 
Data transfer f > 


| I 

(JSON-RPC + 
— r 1 

} web3py) H 1 ; 
1 Output 
1 conditions 


Figure 5. Sequence Diagram of LSM 
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The incoming sensor’s data is transmitted via a python script using JSON-RPC and 
Web3py library. The python script loads data from the cloud’s URL’ and directs it to the 
blockchain. When the user is required to screen any of the IoT’s data, it will enter itselfs 
credentials (S7eMuer) and the required sensor number Dyce) from its Erthereum address 
(EA,jr). Then, the smart contract will first check the authenticity of the user by comparing 
FA with the registered users (EA,»). If the user is authentic, then it will check the 
combine hash of S7gMyc7 and IDimcusing Keccak256 algorithm with registered hashes (Hash). 
Different numbers are assigned to various sensors. The number “0” is given to the microphone 
and “1” to the w/trasonic sensor, and “2” to the gas sensor. If the hash matches and the user is 
authorized to access the requested IoT’s sensor data, then the respective values are then sent 
to the requested user; otherwise, it will return “false”, as illustrated in Figure 4. The complete 
sequence diagram of LSM is illustrated in Figure 5. 

Security Analysis 

e Integrity: For the integrity of the data in the system, data is signed before sending 
data to the recipient, using the ECDSA algorithm supported by Ethereum. The 
recipient confirms this against the smart contract’s address. 

e Identification: S20 and [Danie is tequited to access the IoT system. Each device 
and userregistered with the system has a separate ID and sign. 

*https://thingspeak.com/ 

e Non-repudiation: All transactions are signed with their respective S2gMys. Therefore, 
the sender cannot repudiate having performed a transaction. 

e Authentication: The user must first be registered with the loT system. If the user is 
already registered, the smart contract has the associated credentials. As soon as the 
smart contract verifies the existence and validity of the details provided by the user, it 
can interact with the loT system. 

e Spoof attack: To successfully launch a spoof attack, attacker need a S7gMys,1Ddwicand 
EA, If the attacker somehow gets the [Dénice and EA, still needs the SZgityser. 

e Sybil attack: In a Sybil attack, the attacker needs to create a fake identity to enter 
into the system. In LSM, users and devices are not allowed to have more than one 
ID. The message is signed with the private key. Therefore, creating a fake identity in 
the system has been reduced and is almost infeasible. 

e Replay attack: In LSM, all messages generated in the system are assigned to a 
unique transaction ID and timestamp. Therefore, a replay message with a previously 
accepted transaction ID will be rejected. So, protection against replay attacks is 
coped. 

Time Overhead 

If users directly access the cloud for the IoT data, the delay is less as compared to the 
blockchain. Because users are interacting with the cloud direct now, but there is no 
significant security in the cloud. On the other hand, in blockchain, users interact with the 
cloud via blockchain due to which processing and propagation delay increases. So, this is our 
trade-off between delay and security. But, as the number of users increases in the cloud, the 
total delay increases because of the rise in queuing delay. But in blockchain, despite the 
increase in the number of users, total delay remains almost constant, as illustrated in Figure 
6. The total delay is calculated using the total delay equation, illustrated in Figure 7. 
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Figure 8. Computational Graph of LMS in terms of Gas and Ether consumed 
Comparison with Relevant Work 

Gas is described as a resource that is paid for transaction verification. By increasing 
the gas limit, the average block size increases, affecting the increase in cost. A large block 
size means more space to store the Ethereum blockchain. LSM consumed 26664 gas, 
illustrated in Figure 8. While (J. K. Mudhar et al., 2020)’s request access smart contract 
consumed 51402 gas. (P. Velmurugadass et al., 2021) used PoW operations which include 
more CPU power consumption as compared to PoA. So does the energy consumption also 
increase in PoW which has a negative effect on the system’s delay. PoA is a lightweight 
consensus protocol, and its equipment is also cost effective as compared to PoW. 
LSM can scale well regarding the number of devices without affecting the system as the 
cloud manages it. The computational effort is independent of the number of devices. LSM is 
tested in a real environment and has a permission access control compared to (J. Oh et al., 
2021), and (A. Ouaddah, 2019). 
4. CONCLUSION 

This paper demonstrated the lightweight security mechanism LSM for an IoT based 
smart city application management system by integrating blockchain technology within the 
network, enhancing the user authentication and access control using the smart contract. The 
performance evaluation illustrates LSM as a lightweight in terms of cost, resources, and 
computation. While secure in the spoof, sybil, and replay attacks. In the near future, the plan 
is to extend the system with more applications and add machine learning/deep learning to 
make smatt cities more efficient and autonomous to cope with the recent and zero-day 
attacks. 
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